Interface AuthorizationFactory

public interface AuthorizationFactory

Applications may implement the AuthorizationFactory interface for use with an external authorization mechanism. The external authorization mechanism for Panther's Requester Servlet requires the implementation of two Interfaces that are within the com.prolifics.servlet package. These are AuthorizationFactory and Authorization. Classes of the package, com.prolifics.servlet.auth0, provide the implementation for these interfaces for use with Auth0. Source code for these classes is provided in proauth0.jar.

In order to use the AuthorizationFactory interface, the deployment descriptor, web.xml, should contain the servlet property, AuthorizationFactory. The full classname of the implementation class for this interface should be assigned to that property. The Panther Requester Servlet will attempt to load and instantiate an object for the implementation class during initialization of the servlet.

The presence of this servlet property, AuthorizationFactory, causes authorization to be enabled for the Requester Servlet. Otherwise, authorization is not enabled. Thus, if the property is not set, the Requester Servlet will assume that all requests are implicitly authorized. However, this does not preclude the application code running in the Jserver from processing @cgi_http_authorization when it receives the request and denying authorization at that point.

The implementation class for AuthorizationFactory must take a single constructor parameter which is a HashMap. The argument received by the constructor will be a mapping of servlet properties to their values, as given in web.xml. This allows custom properties to be passed to the AuthorizationFactory implementation class.

There is just one method that is required to be implemented for AuthorizationFactory: getAuthorization(). This method takes a single String parameter, and returns an instance of a class that implments the interface, com.prolifics.servlet.Authorization. ProlificsHttpServlet calls getAuthorization() for each request, passing it the value of the HTTP Authorization header that was sent with the request. Use of the factory pattern allows for the implementation to perform caching

Anything may be used in the Authorization header, but for classes implementing OAuth/OAuth2 security it is typically a bearer token.

getAuthorization() returns an instance of a class that implements the com.prolifics.servlet.Authorization interface.

Panther 5.52

Method Summary
 Authorization getAuthorization(java.lang.String authHeader)
          Returns an Authorization instance compatible with an HTTP Authorization header.

Method Detail


Authorization getAuthorization(java.lang.String authHeader)
                               throws AuthorizationException
Returns an Authorization instance compatible with an HTTP Authorization header.

authHeader - An HTTP Authorzation header